A group of developers known as Massgrave has made headlines by successfully hacking Microsoft’s activation tools for both Windows and Office. Their recent endeavor involves uploading a series of PowerShell scripts to GitHub, enabling users to activate any edition of Windows or perpetual-license Office versions without incurring the licensing fees typically charged by Microsoft. The latest update from the group includes a module designed to facilitate the installation of Windows 10 security updates post-October 2025, bypassing the substantial costs associated with an Extended Security Update subscription.
In a detailed blog post dated February 14, 2025, a Massgrave developer elaborated on the group’s reverse-engineering of Microsoft’s antipiracy mechanism, the Software Protection Platform, which led to the creation of their new tool, TSforge. This innovative script suite supports activation for various Windows versions, including 7, 8.x, 10, and 11, along with corresponding server editions. Additionally, it caters to Office versions from 2010 onward, specifically for perpetual-license products, while excluding Microsoft 365 subscriptions.
Utilizing the scripts requires minimal technical expertise; users only need to open a PowerShell window and paste in a command to navigate through the tool’s user-friendly interface. Testing the software on a fresh installation of Windows 11 in a virtual machine revealed its effectiveness. By employing the MAS script’s HWID mechanism, a seemingly valid digital license was created without a product key. This process was further validated when the virtual hard disk was transferred to a new virtual machine, simulating a common scenario that product activation aims to prevent. Following the execution of the MAS script, the activation was successful.
In a subsequent test, the same method was used on an updated Windows 10 machine, successfully granting three years’ worth of Extended Security Updates at no cost—a subscription that would typically amount to 7. The final test involved downloading Microsoft’s official click-to-run installer for Office 2024 Pro Plus, which was activated using the TSforge script without any charges incurred.
Is this legal?
As one might expect, the legality of these actions is questionable. The developers openly acknowledge their engagement in piracy, stating that the MAS project is a community initiative that does not accept donations, emphasizing that profiting from piracy is not ethical. Upon successful activation, the progress messages even reference “Installing Forged Product Key Data.”
Will you get caught?
Individuals may wonder about the risks of using these tools. For businesses, the potential consequences of an audit could be severe, particularly if they attempt to save on security updates. However, for individuals and small businesses, the risks appear minimal, aside from the ethical considerations surrounding software piracy. Over the past decade, Microsoft has been relatively lenient in distributing digital licenses, and these hacks primarily function by writing a legitimate-looking digital license to the encrypted system store, making it indistinguishable from a properly issued license.
Is it safe?
The safety of these scripts raises further concerns. While the original scripts on GitHub seem harmless, the developers caution users about the possibility of malicious actors cloning their work and embedding malware. They advise vigilance, as some may disguise malware as MAS by utilizing different URLs in the IRM command.
Historically, Microsoft has faced challenges with external parties targeting its activation mechanisms. The company is likely to implement countermeasures to thwart these hacks, but revoking pirated licenses poses significant difficulties due to the challenge of distinguishing between legitimate and forged digital licenses. As noted in their FAQ, while Microsoft can block new activation requests, revoking established digital licenses would be a complex and extreme measure.
Despite the potential impact on Microsoft’s finances being relatively minor, it cannot be dismissed entirely. The bulk of Windows revenue is derived from licenses sold through major OEMs and enterprise agreements, while the shift to cloud-based subscription models for Office products has insulated them from such exploits. Nevertheless, with the activation code publicly available on GitHub, Microsoft is compelled to address this piracy scheme. A spokesperson from the company acknowledged awareness of the situation, stating that appropriate actions would be taken against any unauthorized use of their software and services. Thus, the ongoing cat-and-mouse game between developers and the tech giant continues.
